Phase 09: CI/CD Enhancement Tasks

Estimated Time: 10-12 hours Dependencies: Phases 1-8 complete, GitHub repository configured


Overview

Enhance CI/CD pipeline with automated builds, tests, security scans, and deployments. Ensure code quality and security at every commit.


TASK-086: GitHub Actions Workflow Setup

Description: Create comprehensive GitHub Actions workflows for CI/CD.

Implementation:

# .github/workflows/ci.yml
name: CI Pipeline

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main]

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: actions/setup-python@v4
        with:
          python-version: '3.9'
      - name: Install linters
        run: |
          pip install black ruff mypy
      - name: Run black
        run: black --check .
      - name: Run ruff
        run: ruff check .
      - name: Run mypy
        run: mypy scanner/ dashboard/

  test:
    needs: lint
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run tests
        run: |
          pip install -r requirements.txt -r requirements-dev.txt
          pytest tests/ -v --cov --cov-report=xml
      - name: Upload coverage
        uses: codecov/codecov-action@v3

  security:
    needs: test
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Run Snyk scan
        uses: snyk/actions/python@master
        env:
          SNYK_TOKEN: ${{ secrets.SNYK_TOKEN }}
      - name: Run Bandit
        run: |
          pip install bandit
          bandit -r scanner/ dashboard/ -f json -o bandit-report.json

  build:
    needs: [lint, test, security]
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Build Docker images
        run: |
          docker build -t nmapping-scanner:${{ github.sha }} scanner/
          docker build -t nmapping-dashboard:${{ github.sha }} dashboard/

Acceptance Criteria:

Time Estimate: 3-4 hours


TASK-087: Automated Code Quality Checks

Description: Integrate code quality tools (black, ruff, mypy).

Configuration:

# pyproject.toml
[tool.black]
line-length = 100
target-version = ['py39']

[tool.ruff]
line-length = 100
select = [''E'', ''F'', ''I'', ''N'', ''W'']

[tool.mypy]
python_version = "3.9"
strict = true

Acceptance Criteria:

Time Estimate: 2 hours


TASK-088: Dependency Scanning

Description: Scan dependencies for vulnerabilities (Snyk, Dependabot).

Acceptance Criteria:

Time Estimate: 2 hours


TASK-089: Docker Image Build & Push

Description: Automate Docker image builds and push to registry.

Implementation:

# .github/workflows/docker.yml
name: Docker Build

on:
  push:
    tags:
      - ''v*''

jobs:
  build-push:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Login to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          push: true
          tags: |
            nmapping/scanner:${{ github.ref_name }}
            nmapping/scanner:latest

Acceptance Criteria:

Time Estimate: 2-3 hours


TASK-090: Automated Deployment

Description: Automate deployment to staging and production.

Acceptance Criteria:

Time Estimate: 3-4 hours


TASK-091: Release Automation

Description: Automate release creation with changelog generation.

Implementation:

# .github/workflows/release.yml
name: Create Release

on:
  push:
    tags:
      - ''v*''

jobs:
  release:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Generate changelog
        id: changelog
        uses: metcalfc/changelog-generator@v4
      - name: Create release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ github.ref }}
          release_name: Release ${{ github.ref }}
          body: ${{ steps.changelog.outputs.changelog }}

Acceptance Criteria:

Time Estimate: 2 hours


TASK-092: Branch Protection Rules

Description: Configure branch protection for main/develop branches.

Rules:

Acceptance Criteria:

Time Estimate: 1 hour


TASK-093: CI/CD Documentation

Description: Document CI/CD workflows and deployment processes.

Documentation:

Acceptance Criteria:

Time Estimate: 2 hours


Phase Acceptance Criteria:


Owner: DevOps Team Review Date: 2026-01-20